Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1502295-8)
SAP Support Packages
(SAPKB46C61, SAPKB46C62, SAPKB62069, SAPKB62070, SAPKB64027, SAPKB64028, SAPKB70023, SAPKB70024, SAPKB70108, SAPKB70109, SAPKB70206, SAPKB70207, SAPKB71011, SAPKB71012, SAPKB71106, SAPKB71107, SAPKB72004, SAPKB72005, SAPKB73001, SAPKB73002)
Описание
Reason:
BC-SRV-KPR-CMS fails to correctly validate the path a user-submitted file is written to. Through this, an attacker can potentially overwrite data on the remote system.
Prerequisites:
SAP note 1497003 and 1522787.
BC-SRV-KPR-CMS fails to correctly validate the path a user-submitted file is written to. Through this, an attacker can potentially overwrite data on the remote system.
Prerequisites:
SAP note 1497003 and 1522787.
Как исправить
In order to get this code change, please implement this note or import the relevant support package.
Ссылки